CVE-2021-44228 - Vulnerability Details

CVE-2021-44228 - Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints

Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is in the KEV database since Dec. 10, 2021.

Exploitation active

Automatable yes

Technical Impact total

Vendors	Products
Apache	Log4j
Apple	Xcode
Bentley	Synchro Synchro 4d
Cisco	Advanced Malware Protection Virtual Private Cloud Appliance Automated Subsea Tuning Broadworks Business Process Automation Cloud Connect Cloudcenter Cloudcenter Cost Optimizer Cloudcenter Suite Cloudcenter Suite Admin Cloudcenter Workload Manager Common Services Platform Collector Connected Analytics For Network Deployment Connected Mobile Experiences Contact Center Domain Manager Contact Center Management Portal Crosswork Data Gateway Crosswork Network Automation Crosswork Network Controller Crosswork Optimization Engine Crosswork Platform Infrastructure Crosswork Zero Touch Provisioning Customer Experience Cloud Agent Cx Cloud Agent Cyber Vision Cyber Vision Sensor Management Extension Data Center Network Manager Dna Center Dna Spaces Dna Spaces\ Dna Spaces Connector Emergency Responder Enterprise Chat And Email Evolved Programmable Network Manager Finesse Firepower 1010 Firepower 1120 Firepower 1140 Firepower 1150 Firepower 2110 Firepower 2120 Firepower 2130 Firepower 2140 Firepower 4110 Firepower 4112 Firepower 4115 Firepower 4120 Firepower 4125 Firepower 4140 Firepower 4145 Firepower 4150 Firepower 9300 Firepower Threat Defense Fog Director Fxos Identity Services Engine Integrated Management Controller Supervisor Intersight Virtual Appliance Iot Operations Dashboard Mobility Services Engine Network Assurance Engine Network Dashboard Fabric Controller Network Insights For Data Center Network Services Orchestrator Nexus Dashboard Nexus Insights Optical Network Controller Packaged Contact Center Enterprise Paging Server Prime Service Catalog Sd-wan Vmanage Smart Phy Ucs Central Ucs Central Software Ucs Director Unified Communications Manager Unified Communications Manager Im \& Presence Service Unified Communications Manager Im And Presence Service Unified Computing System Unified Contact Center Enterprise Unified Contact Center Express Unified Contact Center Management Portal Unified Customer Voice Portal Unified Intelligence Center Unified Sip Proxy Unified Workforce Optimization Unity Connection Video Surveillance Manager Video Surveillance Operations Manager Virtual Topology System Virtualized Infrastructure Manager Virtualized Voice Browser Wan Automation Engine Webex Meetings Server Workload Optimization Manager
Debian	Debian Linux
Fedoraproject	Fedora
Intel	Computer Vision Annotation Tool Datacenter Manager Genomics Kernel Library Oneapi Sample Browser Secure Device Onboard System Studio
Netapp	Active Iq Unified Manager Brocade San Navigator Cloud Insights Cloud Manager Cloud Secure Agent Oncommand Insight Ontap Tools Snapcenter Solidfire \& Hci Storage Node Solidfire Enterprise Sds
Percussion	Rhythmyx
Redhat	Amq Streams Camel Quarkus Integration Jboss Data Grid Jboss Enterprise Application Platform Jboss Enterprise Application Platform Eus Jboss Enterprise Bpms Platform Jboss Fuse Logging Openshift Openshift Application Runtimes
Siemens	6bk1602-0aa12-0tp0 6bk1602-0aa12-0tp0 Firmware 6bk1602-0aa22-0tp0 6bk1602-0aa22-0tp0 Firmware 6bk1602-0aa32-0tp0 6bk1602-0aa32-0tp0 Firmware 6bk1602-0aa42-0tp0 6bk1602-0aa42-0tp0 Firmware 6bk1602-0aa52-0tp0 6bk1602-0aa52-0tp0 Firmware Capital Comos Desigo Cc Advanced Reports Desigo Cc Info Center E-car Operation Center Energy Engage Energyip Energyip Prepay Gma-manager Head-end System Universal Device Integration System Industrial Edge Management Industrial Edge Management Hub Logo\! Soft Comfort Mendix Mindsphere Navigator Nx Opcenter Intelligence Operation Scheduler Sentron Powermanager Siguard Dsa Sipass Integrated Siveillance Command Siveillance Control Pro Siveillance Identity Siveillance Vantage Siveillance Viewpoint Solid Edge Cam Pro Solid Edge Harness Design Spectrum Power 4 Spectrum Power 7 Sppa-t3000 Ses3000 Sppa-t3000 Ses3000 Firmware Teamcenter Vesys Xpedition Enterprise Xpedition Package Integrator
Snowsoftware	Snow Commander Vm Access Proxy
Sonicwall	Email Security

Configuration 1 [-]

AND

cpe:2.3:o:siemens:6bk1602-0aa12-0tp0_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:6bk1602-0aa12-0tp0:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:siemens:6bk1602-0aa22-0tp0_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:6bk1602-0aa22-0tp0:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:siemens:6bk1602-0aa32-0tp0_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:6bk1602-0aa32-0tp0:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:siemens:6bk1602-0aa42-0tp0_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:6bk1602-0aa42-0tp0:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:siemens:6bk1602-0aa52-0tp0_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:6bk1602-0aa52-0tp0:-:*:*:*:*:*:*:*

Configuration 6 [-]

OR	cpe:2.3:a:apache:log4j::::::::
	cpe:2.3:a:apache:log4j::::::::
	cpe:2.3:a:apache:log4j::::::::
	cpe:2.3:a:apache:log4j:2.0:-::::::
	cpe:2.3:a:apache:log4j:2.0:beta9::::::
	cpe:2.3:a:apache:log4j:2.0:rc1::::::
	cpe:2.3:a:apache:log4j:2.0:rc2::::::

Configuration 7 [-]

AND

cpe:2.3:o:siemens:sppa-t3000_ses3000_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:sppa-t3000_ses3000:-:*:*:*:*:*:*:*

Configuration 8 [-]

OR	cpe:2.3:a:siemens:capital::::::::
	cpe:2.3:a:siemens:capital:2019.1:-::::::
	cpe:2.3:a:siemens:capital:2019.1:sp1912::::::
	cpe:2.3:a:siemens:comos::::::::
	cpe:2.3:a:siemens:desigo_cc_advanced_reports:3.0:::::::*
	cpe:2.3:a:siemens:desigo_cc_advanced_reports:4.0:::::::*
	cpe:2.3:a:siemens:desigo_cc_advanced_reports:4.1:::::::*
	cpe:2.3:a:siemens:desigo_cc_advanced_reports:4.2:::::::*
	cpe:2.3:a:siemens:desigo_cc_advanced_reports:5.0:::::::*
	cpe:2.3:a:siemens:desigo_cc_advanced_reports:5.1:::::::*
	cpe:2.3:a:siemens:desigo_cc_info_center:5.0:::::::*
	cpe:2.3:a:siemens:desigo_cc_info_center:5.1:::::::*
	cpe:2.3:a:siemens:e-car_operation_center::::::::
	cpe:2.3:a:siemens:energy_engage:3.1:::::::*
	cpe:2.3:a:siemens:energyip:8.5:::::::*
	cpe:2.3:a:siemens:energyip:8.6:::::::*
	cpe:2.3:a:siemens:energyip:8.7:::::::*
	cpe:2.3:a:siemens:energyip:9.0:::::::*
	cpe:2.3:a:siemens:energyip_prepay::::::::
	cpe:2.3:a:siemens:gma-manager::::::::
	cpe:2.3:a:siemens:head-end_system_universal_device_integration_system::::::::
	cpe:2.3:a:siemens:industrial_edge_management::::::::
	cpe:2.3:a:siemens:industrial_edge_management_hub::::::::
	cpe:2.3:a:siemens:logo\!_soft_comfort::::::::
	cpe:2.3:a:siemens:mendix::::::::
	cpe:2.3:a:siemens:mindsphere::::::::
	cpe:2.3:a:siemens:navigator::::::::
	cpe:2.3:a:siemens:nx::::::::
	cpe:2.3:a:siemens:opcenter_intelligence::::::::
	cpe:2.3:a:siemens:operation_scheduler::::::::
	cpe:2.3:a:siemens:sentron_powermanager:4.1:::::::*
	cpe:2.3:a:siemens:sentron_powermanager:4.2:::::::*
	cpe:2.3:a:siemens:siguard_dsa::::::::
	cpe:2.3:a:siemens:sipass_integrated:2.80:::::::*
	cpe:2.3:a:siemens:sipass_integrated:2.85:::::::*
	cpe:2.3:a:siemens:siveillance_command::::::::
	cpe:2.3:a:siemens:siveillance_control_pro::::::::
	cpe:2.3:a:siemens:siveillance_identity:1.5:::::::*
	cpe:2.3:a:siemens:siveillance_identity:1.6:::::::*
	cpe:2.3:a:siemens:siveillance_vantage::::::::
	cpe:2.3:a:siemens:siveillance_viewpoint::::::::
	cpe:2.3:a:siemens:solid_edge_cam_pro::::::::
	cpe:2.3:a:siemens:solid_edge_harness_design::::::::
	cpe:2.3:a:siemens:solid_edge_harness_design:2020:::::::*
	cpe:2.3:a:siemens:solid_edge_harness_design:2020:-::::::
	cpe:2.3:a:siemens:solid_edge_harness_design:2020:sp2002::::::
	cpe:2.3:a:siemens:spectrum_power_4::::::::
	cpe:2.3:a:siemens:spectrum_power_4:4.70:-::::::
	cpe:2.3:a:siemens:spectrum_power_4:4.70:sp7::::::
	cpe:2.3:a:siemens:spectrum_power_4:4.70:sp8::::::
	cpe:2.3:a:siemens:spectrum_power_7::::::::
	cpe:2.3:a:siemens:spectrum_power_7:2.30:::::::*
	cpe:2.3:a:siemens:spectrum_power_7:2.30:-::::::
	cpe:2.3:a:siemens:spectrum_power_7:2.30:sp2::::::
	cpe:2.3:a:siemens:teamcenter::::::::
	cpe:2.3:a:siemens:vesys::::::::
	cpe:2.3:a:siemens:vesys:2019.1:::::::*
	cpe:2.3:a:siemens:vesys:2019.1:-::::::
	cpe:2.3:a:siemens:vesys:2019.1:sp1912::::::
	cpe:2.3:a:siemens:vesys:2020.1:-::::::
	cpe:2.3:a:siemens:vesys:2021.1:-::::::
	cpe:2.3:a:siemens:xpedition_enterprise:-:::::::*
	cpe:2.3:a:siemens:xpedition_package_integrator:-:::::::*

Configuration 9 [-]

OR	cpe:2.3:a:intel:computer_vision_annotation_tool:-:::::::*
	cpe:2.3:a:intel:datacenter_manager::::::::
	cpe:2.3:a:intel:genomics_kernel_library:-:::::::*
	cpe:2.3:a:intel:oneapi_sample_browser:-:::::eclipse::
	cpe:2.3:a:intel:secure_device_onboard:-:::::::*
	cpe:2.3:a:intel:system_studio:-:::::::*

Configuration 10 [-]

OR	cpe:2.3:o:debian:debian_linux:9.0:::::::*
	cpe:2.3:o:debian:debian_linux:10.0:::::::*
	cpe:2.3:o:debian:debian_linux:11.0:::::::*

Configuration 11 [-]

OR	cpe:2.3:o:fedoraproject:fedora:34:::::::*
	cpe:2.3:o:fedoraproject:fedora:35:::::::*

Configuration 12 [-]

cpe:2.3:a:sonicwall:email_security:*:*:*:*:*:*:*:*

Configuration 13 [-]

OR	cpe:2.3:a:netapp:active_iq_unified_manager:-:::::linux::
	cpe:2.3:a:netapp:active_iq_unified_manager:-:::::vmware_vsphere::
	cpe:2.3:a:netapp:active_iq_unified_manager:-:::::windows::
	cpe:2.3:a:netapp:brocade_san_navigator:-:::::::*
	cpe:2.3:a:netapp:cloud_insights:-:::::::*
	cpe:2.3:a:netapp:cloud_manager:-:::::::*
	cpe:2.3:a:netapp:cloud_secure_agent:-:::::::*
	cpe:2.3:a:netapp:oncommand_insight:-:::::::*
	cpe:2.3:a:netapp:ontap_tools:-:::::vmware_vsphere::
	cpe:2.3:a:netapp:snapcenter:-:::::vmware_vsphere::
	cpe:2.3:a:netapp:solidfire_\&_hci_storage_node:-:::::::*
	cpe:2.3:a:netapp:solidfire_enterprise_sds:-:::::::*

Configuration 14 [-]

OR	cpe:2.3:a:cisco:advanced_malware_protection_virtual_private_cloud_appliance::::::::
	cpe:2.3:a:cisco:automated_subsea_tuning::::::::
	cpe:2.3:a:cisco:broadworks::::::::
	cpe:2.3:a:cisco:business_process_automation::::::::
	cpe:2.3:a:cisco:business_process_automation::::::::
	cpe:2.3:a:cisco:business_process_automation::::::::
	cpe:2.3:a:cisco:cloud_connect::::::::
	cpe:2.3:a:cisco:cloudcenter::::::::
	cpe:2.3:a:cisco:cloudcenter_cost_optimizer::::::::
	cpe:2.3:a:cisco:cloudcenter_suite_admin::::::::
	cpe:2.3:a:cisco:cloudcenter_workload_manager::::::::
	cpe:2.3:a:cisco:common_services_platform_collector::::::::
	cpe:2.3:a:cisco:common_services_platform_collector::::::::
	cpe:2.3:a:cisco:connected_mobile_experiences:-:::::::*
	cpe:2.3:a:cisco:contact_center_domain_manager::::::::
	cpe:2.3:a:cisco:contact_center_management_portal::::::::
	cpe:2.3:a:cisco:crosswork_data_gateway::::::::
	cpe:2.3:a:cisco:crosswork_data_gateway:3.0.0:::::::*
	cpe:2.3:a:cisco:crosswork_network_controller::::::::
	cpe:2.3:a:cisco:crosswork_network_controller:3.0.0:::::::*
	cpe:2.3:a:cisco:crosswork_optimization_engine::::::::
	cpe:2.3:a:cisco:crosswork_optimization_engine:3.0.0:::::::*
	cpe:2.3:a:cisco:crosswork_platform_infrastructure::::::::
	cpe:2.3:a:cisco:crosswork_platform_infrastructure:4.1.0:::::::*
	cpe:2.3:a:cisco:crosswork_zero_touch_provisioning::::::::
	cpe:2.3:a:cisco:crosswork_zero_touch_provisioning:3.0.0:::::::*
	cpe:2.3:a:cisco:customer_experience_cloud_agent::::::::
	cpe:2.3:a:cisco:cyber_vision_sensor_management_extension::::::::
	cpe:2.3:a:cisco:data_center_network_manager::::::::
	cpe:2.3:a:cisco:data_center_network_manager:11.3\(1\):::::::*
	cpe:2.3:a:cisco:dna_center::::::::
	cpe:2.3:a:cisco:dna_center::::::::
	cpe:2.3:a:cisco:dna_center::::::::
	cpe:2.3:a:cisco:dna_spaces\:_connector::::::::
	cpe:2.3:a:cisco:emergency_responder::::::::
	cpe:2.3:a:cisco:enterprise_chat_and_email::::::::
	cpe:2.3:a:cisco:evolved_programmable_network_manager::::::::
	cpe:2.3:a:cisco:finesse::::::::
	cpe:2.3:a:cisco:finesse:12.6\(1\):::::::*
	cpe:2.3:a:cisco:fog_director:-:::::::*
	cpe:2.3:a:cisco:identity_services_engine::::::::
	cpe:2.3:a:cisco:identity_services_engine:2.4.0:-::::::
	cpe:2.3:a:cisco:integrated_management_controller_supervisor::::::::
	cpe:2.3:a:cisco:intersight_virtual_appliance::::::::
	cpe:2.3:a:cisco:iot_operations_dashboard:-:::::::*
	cpe:2.3:a:cisco:network_assurance_engine::::::::
	cpe:2.3:a:cisco:network_services_orchestrator::::::::
	cpe:2.3:a:cisco:network_services_orchestrator::::::::
	cpe:2.3:a:cisco:network_services_orchestrator::::::::
	cpe:2.3:a:cisco:network_services_orchestrator::::::::
	cpe:2.3:a:cisco:nexus_dashboard::::::::
	cpe:2.3:a:cisco:nexus_insights::::::::
	cpe:2.3:a:cisco:optical_network_controller::::::::
	cpe:2.3:a:cisco:packaged_contact_center_enterprise::::::::
	cpe:2.3:a:cisco:packaged_contact_center_enterprise:11.6\(1\):::::::*
	cpe:2.3:a:cisco:paging_server::::::::
	cpe:2.3:a:cisco:prime_service_catalog::::::::
	cpe:2.3:a:cisco:sd-wan_vmanage::::::::
	cpe:2.3:a:cisco:sd-wan_vmanage::::::::
	cpe:2.3:a:cisco:sd-wan_vmanage::::::::
	cpe:2.3:a:cisco:sd-wan_vmanage::::::::
	cpe:2.3:a:cisco:smart_phy::::::::
	cpe:2.3:a:cisco:ucs_central::::::::
	cpe:2.3:a:cisco:ucs_director::::::::
cpe:2.3:a:cisco:unified_communications_manager:::::-:::*
cpe:2.3:a:cisco:unified_communications_manager:::::session_management:::*
cpe:2.3:a:cisco:unified_communications_manager:11.5\(1\):::::::*
cpe:2.3:a:cisco:unified_communications_manager:11.5\(1\)::::-:::
cpe:2.3:a:cisco:unified_communications_manager:11.5\(1\)::::session_management:::
cpe:2.3:a:cisco:unified_communications_manager:11.5\(1\)su3:::::::*
cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service::::::::
cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\(1\):::::::*
cpe:2.3:a:cisco:unified_contact_center_enterprise::::::::
cpe:2.3:a:cisco:unified_contact_center_enterprise:11.6\(2\):::::::*
cpe:2.3:a:cisco:unified_contact_center_express::::::::
cpe:2.3:a:cisco:unified_customer_voice_portal::::::::
cpe:2.3:a:cisco:unified_customer_voice_portal:11.6:::::::*
cpe:2.3:a:cisco:unified_customer_voice_portal:12.0:::::::*
cpe:2.3:a:cisco:unified_customer_voice_portal:12.5:::::::*
cpe:2.3:a:cisco:unity_connection::::::::
cpe:2.3:a:cisco:video_surveillance_operations_manager::::::::
cpe:2.3:a:cisco:virtual_topology_system::::::::
cpe:2.3:a:cisco:virtualized_infrastructure_manager::::::::
cpe:2.3:a:cisco:virtualized_infrastructure_manager::::::::
cpe:2.3:a:cisco:virtualized_voice_browser::::::::
cpe:2.3:a:cisco:wan_automation_engine::::::::
cpe:2.3:a:cisco:webex_meetings_server::::::::
cpe:2.3:a:cisco:webex_meetings_server:3.0:-::::::
cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release1::::::
cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release2::::::
cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release3::::::
cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release3:-:::::*
cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release3_security_patch4::::::
cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release3_security_patch5::::::
cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release3_service_pack_2::::::
cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release3_service_pack_3::::::
cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release4::::::
cpe:2.3:a:cisco:webex_meetings_server:4.0:-::::::
cpe:2.3:a:cisco:webex_meetings_server:4.0:maintenance_release1::::::
cpe:2.3:a:cisco:webex_meetings_server:4.0:maintenance_release2::::::
cpe:2.3:a:cisco:webex_meetings_server:4.0:maintenance_release3::::::
cpe:2.3:a:cisco:workload_optimization_manager::::::::
cpe:2.3:o:cisco:unified_intelligence_center::::::::
cpe:2.3:o:cisco:unified_sip_proxy::::::::
cpe:2.3:o:cisco:unified_workforce_optimization::::::::

Configuration 15 [-]

AND

OR	cpe:2.3:h:cisco:firepower_1010:-:::::::*
	cpe:2.3:h:cisco:firepower_1120:-:::::::*
	cpe:2.3:h:cisco:firepower_1140:-:::::::*
	cpe:2.3:h:cisco:firepower_1150:-:::::::*
	cpe:2.3:h:cisco:firepower_2110:-:::::::*
	cpe:2.3:h:cisco:firepower_2120:-:::::::*
	cpe:2.3:h:cisco:firepower_2130:-:::::::*
	cpe:2.3:h:cisco:firepower_2140:-:::::::*
	cpe:2.3:h:cisco:firepower_4110:-:::::::*
	cpe:2.3:h:cisco:firepower_4112:-:::::::*
	cpe:2.3:h:cisco:firepower_4115:-:::::::*
	cpe:2.3:h:cisco:firepower_4120:-:::::::*
	cpe:2.3:h:cisco:firepower_4125:-:::::::*
	cpe:2.3:h:cisco:firepower_4140:-:::::::*
	cpe:2.3:h:cisco:firepower_4145:-:::::::*
	cpe:2.3:h:cisco:firepower_4150:-:::::::*
	cpe:2.3:h:cisco:firepower_9300:-:::::::*

OR	cpe:2.3:o:cisco:fxos:6.2.3:::::::*
	cpe:2.3:o:cisco:fxos:6.3.0:::::::*
	cpe:2.3:o:cisco:fxos:6.4.0:::::::*
	cpe:2.3:o:cisco:fxos:6.5.0:::::::*
	cpe:2.3:o:cisco:fxos:6.6.0:::::::*
	cpe:2.3:o:cisco:fxos:6.7.0:::::::*
	cpe:2.3:o:cisco:fxos:7.0.0:::::::*
	cpe:2.3:o:cisco:fxos:7.1.0:::::::*

Configuration 16 [-]

OR	cpe:2.3:a:cisco:automated_subsea_tuning:02.01.00:::::::*
	cpe:2.3:a:cisco:broadworks:-:::::::*
	cpe:2.3:a:cisco:cloudcenter_suite:4.10\(0.15\):::::::*
	cpe:2.3:a:cisco:cloudcenter_suite:5.3\(0\):::::::*
	cpe:2.3:a:cisco:cloudcenter_suite:5.4\(1\):::::::*
	cpe:2.3:a:cisco:cloudcenter_suite:5.5\(0\):::::::*
	cpe:2.3:a:cisco:cloudcenter_suite:5.5\(1\):::::::*
	cpe:2.3:a:cisco:common_services_platform_collector:002.009\(000.000\):::::::*
	cpe:2.3:a:cisco:common_services_platform_collector:002.009\(000.001\):::::::*
	cpe:2.3:a:cisco:common_services_platform_collector:002.009\(000.002\):::::::*
	cpe:2.3:a:cisco:common_services_platform_collector:002.009\(001.000\):::::::*
	cpe:2.3:a:cisco:common_services_platform_collector:002.009\(001.001\):::::::*
	cpe:2.3:a:cisco:common_services_platform_collector:002.009\(001.002\):::::::*
	cpe:2.3:a:cisco:common_services_platform_collector:002.010\(000.000\):::::::*
	cpe:2.3:a:cisco:connected_analytics_for_network_deployment:006.004.000.003:::::::*
	cpe:2.3:a:cisco:connected_analytics_for_network_deployment:006.005.000.:::::::*
	cpe:2.3:a:cisco:connected_analytics_for_network_deployment:006.005.000.000:::::::*
	cpe:2.3:a:cisco:connected_analytics_for_network_deployment:007.000.001:::::::*
	cpe:2.3:a:cisco:connected_analytics_for_network_deployment:007.001.000:::::::*
	cpe:2.3:a:cisco:connected_analytics_for_network_deployment:007.002.000:::::::*
	cpe:2.3:a:cisco:connected_analytics_for_network_deployment:7.3:::::::*
	cpe:2.3:a:cisco:connected_analytics_for_network_deployment:007.003.000:::::::*
	cpe:2.3:a:cisco:connected_analytics_for_network_deployment:007.003.001.001:::::::*
	cpe:2.3:a:cisco:connected_analytics_for_network_deployment:007.003.003:::::::*
	cpe:2.3:a:cisco:connected_analytics_for_network_deployment:008.000.000:::::::*
	cpe:2.3:a:cisco:connected_analytics_for_network_deployment:008.000.000.000.004:::::::*
	cpe:2.3:a:cisco:crosswork_network_automation:-:::::::*
	cpe:2.3:a:cisco:crosswork_network_automation:2.0.0:::::::*
	cpe:2.3:a:cisco:crosswork_network_automation:3.0.0:::::::*
	cpe:2.3:a:cisco:crosswork_network_automation:4.1.0:::::::*
	cpe:2.3:a:cisco:crosswork_network_automation:4.1.1:::::::*
	cpe:2.3:a:cisco:cx_cloud_agent:001.012:::::::*
	cpe:2.3:a:cisco:cyber_vision:4.0.2:::::::*
	cpe:2.3:a:cisco:cyber_vision_sensor_management_extension:4.0.2:::::::*
	cpe:2.3:a:cisco:dna_center:2.2.2.8:::::::*
	cpe:2.3:a:cisco:dna_spaces:-:::::::*
	cpe:2.3:a:cisco:dna_spaces_connector:-:::::::*
	cpe:2.3:a:cisco:emergency_responder:11.5:::::::*
	cpe:2.3:a:cisco:emergency_responder:11.5\(4.65000.14\):::::::*
	cpe:2.3:a:cisco:emergency_responder:11.5\(4.66000.14\):::::::*
	cpe:2.3:a:cisco:enterprise_chat_and_email:12.0\(1\):::::::*
	cpe:2.3:a:cisco:enterprise_chat_and_email:12.5\(1\):::::::*
	cpe:2.3:a:cisco:enterprise_chat_and_email:12.6\(1\):::::::*
	cpe:2.3:a:cisco:evolved_programmable_network_manager:3.0:::::::*
	cpe:2.3:a:cisco:evolved_programmable_network_manager:3.1:::::::*
	cpe:2.3:a:cisco:evolved_programmable_network_manager:4.0:::::::*
	cpe:2.3:a:cisco:evolved_programmable_network_manager:4.1:::::::*
	cpe:2.3:a:cisco:evolved_programmable_network_manager:5.0:::::::*
	cpe:2.3:a:cisco:evolved_programmable_network_manager:5.1:::::::*
	cpe:2.3:a:cisco:finesse:12.5\(1\):su1::::::
	cpe:2.3:a:cisco:finesse:12.5\(1\):su2::::::
	cpe:2.3:a:cisco:finesse:12.6\(1\):-::::::
	cpe:2.3:a:cisco:finesse:12.6\(1\):es01::::::
	cpe:2.3:a:cisco:finesse:12.6\(1\):es02::::::
	cpe:2.3:a:cisco:finesse:12.6\(1\):es03::::::
	cpe:2.3:a:cisco:firepower_threat_defense:6.2.3:::::::*
	cpe:2.3:a:cisco:firepower_threat_defense:6.3.0:::::::*
	cpe:2.3:a:cisco:firepower_threat_defense:6.4.0:::::::*
	cpe:2.3:a:cisco:firepower_threat_defense:6.5.0:::::::*
	cpe:2.3:a:cisco:firepower_threat_defense:6.6.0:::::::*
	cpe:2.3:a:cisco:firepower_threat_defense:6.7.0:::::::*
	cpe:2.3:a:cisco:firepower_threat_defense:7.0.0:::::::*
	cpe:2.3:a:cisco:firepower_threat_defense:7.1.0:::::::*
	cpe:2.3:a:cisco:identity_services_engine:002.004\(000.914\):-::::::
cpe:2.3:a:cisco:identity_services_engine:002.006\(000.156\):-::::::
cpe:2.3:a:cisco:identity_services_engine:002.007\(000.356\):-::::::
cpe:2.3:a:cisco:identity_services_engine:003.000\(000.458\):-::::::
cpe:2.3:a:cisco:identity_services_engine:003.001\(000.518\):-::::::
cpe:2.3:a:cisco:identity_services_engine:003.002\(000.116\):-::::::
cpe:2.3:a:cisco:integrated_management_controller_supervisor:002.003\(002.000\):::::::*
cpe:2.3:a:cisco:integrated_management_controller_supervisor:2.3.2.0:::::::*
cpe:2.3:a:cisco:intersight_virtual_appliance:1.0.9-343:::::::*
cpe:2.3:a:cisco:mobility_services_engine:-:::::::*
cpe:2.3:a:cisco:network_assurance_engine:6.0\(2.1912\):::::::*
cpe:2.3:a:cisco:network_dashboard_fabric_controller:11.0\(1\):::::::*
cpe:2.3:a:cisco:network_dashboard_fabric_controller:11.1\(1\):::::::*
cpe:2.3:a:cisco:network_dashboard_fabric_controller:11.2\(1\):::::::*
cpe:2.3:a:cisco:network_dashboard_fabric_controller:11.3\(1\):::::::*
cpe:2.3:a:cisco:network_dashboard_fabric_controller:11.4\(1\):::::::*
cpe:2.3:a:cisco:network_dashboard_fabric_controller:11.5\(1\):::::::*
cpe:2.3:a:cisco:network_dashboard_fabric_controller:11.5\(2\):::::::*
cpe:2.3:a:cisco:network_dashboard_fabric_controller:11.5\(3\):::::::*
cpe:2.3:a:cisco:network_insights_for_data_center:6.0\(2.1914\):::::::*
cpe:2.3:a:cisco:network_services_orchestrator:-:::::::*
cpe:2.3:a:cisco:optical_network_controller:1.1:::::::*
cpe:2.3:a:cisco:paging_server:8.3\(1\):::::::*
cpe:2.3:a:cisco:paging_server:8.4\(1\):::::::*
cpe:2.3:a:cisco:paging_server:8.5\(1\):::::::*
cpe:2.3:a:cisco:paging_server:9.0\(1\):::::::*
cpe:2.3:a:cisco:paging_server:9.0\(2\):::::::*
cpe:2.3:a:cisco:paging_server:9.1\(1\):::::::*
cpe:2.3:a:cisco:paging_server:12.5\(2\):::::::*
cpe:2.3:a:cisco:paging_server:14.0\(1\):::::::*
cpe:2.3:a:cisco:prime_service_catalog:12.1:::::::*
cpe:2.3:a:cisco:sd-wan_vmanage:20.3:::::::*
cpe:2.3:a:cisco:sd-wan_vmanage:20.4:::::::*
cpe:2.3:a:cisco:sd-wan_vmanage:20.5:::::::*
cpe:2.3:a:cisco:sd-wan_vmanage:20.6:::::::*
cpe:2.3:a:cisco:sd-wan_vmanage:20.6.1:::::::*
cpe:2.3:a:cisco:sd-wan_vmanage:20.7:::::::*
cpe:2.3:a:cisco:sd-wan_vmanage:20.8:::::::*
cpe:2.3:a:cisco:smart_phy:3.1.2:::::::*
cpe:2.3:a:cisco:smart_phy:3.1.3:::::::*
cpe:2.3:a:cisco:smart_phy:3.1.4:::::::*
cpe:2.3:a:cisco:smart_phy:3.1.5:::::::*
cpe:2.3:a:cisco:smart_phy:3.2.1:::::::*
cpe:2.3:a:cisco:smart_phy:21.3:::::::*
cpe:2.3:a:cisco:ucs_central_software:2.0:::::::*
cpe:2.3:a:cisco:ucs_central_software:2.0\(1a\):::::::*
cpe:2.3:a:cisco:ucs_central_software:2.0\(1b\):::::::*
cpe:2.3:a:cisco:ucs_central_software:2.0\(1c\):::::::*
cpe:2.3:a:cisco:ucs_central_software:2.0\(1d\):::::::*
cpe:2.3:a:cisco:ucs_central_software:2.0\(1e\):::::::*
cpe:2.3:a:cisco:ucs_central_software:2.0\(1f\):::::::*
cpe:2.3:a:cisco:ucs_central_software:2.0\(1g\):::::::*
cpe:2.3:a:cisco:ucs_central_software:2.0\(1h\):::::::*
cpe:2.3:a:cisco:ucs_central_software:2.0\(1k\):::::::*
cpe:2.3:a:cisco:ucs_central_software:2.0\(1l\):::::::*
cpe:2.3:a:cisco:unified_communications_manager:11.5\(1.17900.52\):::::::*
cpe:2.3:a:cisco:unified_communications_manager:11.5\(1.18119.2\):::::::*
cpe:2.3:a:cisco:unified_communications_manager:11.5\(1.18900.97\):::::::*
cpe:2.3:a:cisco:unified_communications_manager:11.5\(1.21900.40\):::::::*
cpe:2.3:a:cisco:unified_communications_manager:11.5\(1.22900.28\):::::::*
cpe:2.3:a:cisco:unified_communications_manager_im_\&_presence_service:11.5\(1\):::::::*
cpe:2.3:a:cisco:unified_communications_manager_im_\&_presence_service:11.5\(1.22900.6\):::::::*
cpe:2.3:a:cisco:unified_computing_system:006.008\(001.000\):::::::*
cpe:2.3:a:cisco:unified_contact_center_enterprise:11.6\(2\):::::::*
cpe:2.3:a:cisco:unified_contact_center_enterprise:12.0\(1\):::::::*
cpe:2.3:a:cisco:unified_contact_center_enterprise:12.5\(1\):::::::*
cpe:2.3:a:cisco:unified_contact_center_enterprise:12.6\(1\):::::::*
cpe:2.3:a:cisco:unified_contact_center_enterprise:12.6\(2\):::::::*
cpe:2.3:a:cisco:unified_contact_center_express:12.5\(1\):-::::::
cpe:2.3:a:cisco:unified_contact_center_express:12.5\(1\):su1::::::
cpe:2.3:a:cisco:unified_contact_center_express:12.6\(1\):::::::*
cpe:2.3:a:cisco:unified_contact_center_express:12.6\(2\):::::::*
cpe:2.3:a:cisco:unified_contact_center_management_portal:12.6\(1\):::::::*
cpe:2.3:a:cisco:unified_customer_voice_portal:11.6\(1\):::::::*
cpe:2.3:a:cisco:unified_customer_voice_portal:12.0\(1\):::::::*
cpe:2.3:a:cisco:unified_customer_voice_portal:12.5\(1\):::::::*
cpe:2.3:a:cisco:unified_customer_voice_portal:12.6\(1\):::::::*
cpe:2.3:a:cisco:unified_intelligence_center:12.6\(1\):-::::::
cpe:2.3:a:cisco:unified_intelligence_center:12.6\(1\):es01::::::
cpe:2.3:a:cisco:unified_intelligence_center:12.6\(1\):es02::::::
cpe:2.3:a:cisco:unified_intelligence_center:12.6\(2\):-::::::
cpe:2.3:a:cisco:unified_sip_proxy:010.000\(000\):::::::*
cpe:2.3:a:cisco:unified_sip_proxy:010.000\(001\):::::::*
cpe:2.3:a:cisco:unified_sip_proxy:010.002\(000\):::::::*
cpe:2.3:a:cisco:unified_sip_proxy:010.002\(001\):::::::*
cpe:2.3:a:cisco:unified_workforce_optimization:11.5\(1\):sr7::::::
cpe:2.3:a:cisco:unity_connection:11.5:::::::*
cpe:2.3:a:cisco:unity_connection:11.5\(1.10000.6\):::::::*
cpe:2.3:a:cisco:video_surveillance_manager:7.14\(1.26\):::::::*
cpe:2.3:a:cisco:video_surveillance_manager:7.14\(2.26\):::::::*
cpe:2.3:a:cisco:video_surveillance_manager:7.14\(3.025\):::::::*
cpe:2.3:a:cisco:video_surveillance_manager:7.14\(4.018\):::::::*
cpe:2.3:a:cisco:virtual_topology_system:2.6.6:::::::*
cpe:2.3:a:cisco:wan_automation_engine:7.1.3:::::::*
cpe:2.3:a:cisco:wan_automation_engine:7.2.1:::::::*
cpe:2.3:a:cisco:wan_automation_engine:7.2.2:::::::*
cpe:2.3:a:cisco:wan_automation_engine:7.2.3:::::::*
cpe:2.3:a:cisco:wan_automation_engine:7.3:::::::*
cpe:2.3:a:cisco:wan_automation_engine:7.4:::::::*
cpe:2.3:a:cisco:wan_automation_engine:7.5:::::::*
cpe:2.3:a:cisco:wan_automation_engine:7.6:::::::*
cpe:2.3:a:cisco:webex_meetings_server:3.0:::::::*
cpe:2.3:a:cisco:webex_meetings_server:4.0:::::::*

Configuration 17 [-]

OR	cpe:2.3:a:snowsoftware:snow_commander::::::::
	cpe:2.3:a:snowsoftware:vm_access_proxy::::::::

Configuration 18 [-]

OR	cpe:2.3:a:bentley:synchro:::::pro:::*
	cpe:2.3:a:bentley:synchro_4d:::::pro:::*

Configuration 19 [-]

cpe:2.3:a:percussion:rhythmyx:*:*:*:*:*:*:*:*

Configuration 20 [-]

cpe:2.3:a:apple:xcode:*:*:*:*:*:*:*:*

Package	CPE	Advisory	Released Date
EAP 7.4 log4j async
log4j-core	cpe:/a:redhat:jboss_enterprise_application_platform:7.4	RHSA-2021:5140	2021-12-15T00:00:00Z
OpenShift Logging 5.0
openshift-logging/elasticsearch6-rhel8:v5.0.10-1	cpe:/a:redhat:logging:5.0::el8	RHSA-2021:5137	2021-12-14T00:00:00Z
OpenShift Logging 5.1
openshift-logging/elasticsearch6-rhel8:v6.8.1-67	cpe:/a:redhat:logging:5.1::el8	RHSA-2021:5128	2021-12-14T00:00:00Z
OpenShift Logging 5.2
openshift-logging/elasticsearch6-rhel8:v6.8.1-66	cpe:/a:redhat:logging:5.2::el8	RHSA-2021:5127	2021-12-14T00:00:00Z
OpenShift Logging 5.3
openshift-logging/elasticsearch6-rhel8:v6.8.1-65	cpe:/a:redhat:logging:5.3::el8	RHSA-2021:5129	2021-12-14T00:00:00Z
Red Hat AMQ Streams 1.6.5
log4j-core	cpe:/a:redhat:amq_streams:1	RHSA-2021:5133	2021-12-14T00:00:00Z
Red Hat AMQ Streams 1.8.4
log4j-core	cpe:/a:redhat:amq_streams:1	RHSA-2021:5138	2021-12-14T00:00:00Z
Red Hat Data Grid 8.2.2
log4j-core	cpe:/a:redhat:jboss_data_grid:8.2	RHSA-2021:5132	2021-12-14T00:00:00Z
Red Hat Fuse 7.10
log4j-core	cpe:/a:redhat:jboss_fuse:7	RHSA-2021:5134	2021-12-14T00:00:00Z
Red Hat Fuse 7.8.2, 7.9.1, 7.10.1
log4j-core	cpe:/a:redhat:jboss_fuse:7	RHSA-2022:0203	2022-01-20T00:00:00Z
Red Hat Integration
log4j-core	cpe:/a:redhat:integration:1	RHSA-2021:5130	2021-12-14T00:00:00Z
Red Hat Integration Camel Quarkus 2
log4j-core	cpe:/a:redhat:camel_quarkus:2.2	RHSA-2021:5126	2021-12-14T00:00:00Z
Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7
eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7	RHSA-2025:1746	2025-02-24T00:00:00Z
eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7	RHSA-2025:1746	2025-02-24T00:00:00Z
eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7	RHSA-2025:1746	2025-02-24T00:00:00Z
eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7	RHSA-2025:1746	2025-02-24T00:00:00Z
eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7	RHSA-2025:1746	2025-02-24T00:00:00Z
eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7	RHSA-2025:1746	2025-02-24T00:00:00Z
eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7	RHSA-2025:1746	2025-02-24T00:00:00Z
eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7	RHSA-2025:1746	2025-02-24T00:00:00Z
Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7
eap7-hal-console-0:3.2.17-1.Final_redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7	RHSA-2025:1747	2025-02-24T00:00:00Z
eap7-jackson-annotations-0:2.10.4-2.redhat_00004.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7	RHSA-2025:1747	2025-02-24T00:00:00Z
eap7-jackson-core-0:2.10.4-2.redhat_00004.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7	RHSA-2025:1747	2025-02-24T00:00:00Z
eap7-jackson-databind-0:2.10.4-4.redhat_00004.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7	RHSA-2025:1747	2025-02-24T00:00:00Z
eap7-jackson-jaxrs-providers-0:2.10.4-2.redhat_00004.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7	RHSA-2025:1747	2025-02-24T00:00:00Z
eap7-jackson-modules-base-0:2.10.4-4.redhat_00004.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7	RHSA-2025:1747	2025-02-24T00:00:00Z
eap7-jackson-modules-java8-0:2.10.4-2.redhat_00004.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7	RHSA-2025:1747	2025-02-24T00:00:00Z
eap7-jettison-0:1.5.2-2.redhat_00002.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7	RHSA-2025:1747	2025-02-24T00:00:00Z
eap7-netty-0:4.1.63-4.Final_redhat_00002.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7	RHSA-2025:1747	2025-02-24T00:00:00Z
eap7-resteasy-0:3.11.6-1.Final_redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7	RHSA-2025:1747	2025-02-24T00:00:00Z
eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7	RHSA-2025:1747	2025-02-24T00:00:00Z
eap7-wildfly-0:7.3.12-3.GA_redhat_00002.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7	RHSA-2025:1747	2025-02-24T00:00:00Z
Red Hat OpenShift Container Platform 3.11
openshift3/ose-logging-elasticsearch5:v3.11.570-2.gd119820	cpe:/a:redhat:openshift:3.11::el7	RHSA-2021:5094	2021-12-14T00:00:00Z
Red Hat OpenShift Container Platform 4.6
openshift4/ose-logging-elasticsearch6:v4.6.0-202112132021.p0.g2a13a81.assembly.stream	cpe:/a:redhat:openshift:4.6::el8	RHSA-2021:5106	2021-12-16T00:00:00Z
openshift4/ose-metering-hive:v4.6.0-202112140546.p0.g8b9da97.assembly.stream	cpe:/a:redhat:openshift:4.6::el8	RHSA-2021:5106	2021-12-16T00:00:00Z
openshift4/ose-metering-presto:v4.6.0-202112150545.p0.g190688a.assembly.art3595	cpe:/a:redhat:openshift:4.6::el8	RHSA-2021:5141	2021-12-16T00:00:00Z
Red Hat OpenShift Container Platform 4.7
openshift4/ose-metering-hive:v4.7.0-202112140553.p0.g091bb99.assembly.stream	cpe:/a:redhat:openshift:4.7::el8	RHSA-2021:5107	2021-12-16T00:00:00Z
openshift4/ose-metering-presto:v4.7.0-202112150631.p0.gd502108.assembly.4.7.40	cpe:/a:redhat:openshift:4.7::el8	RHSA-2021:5107	2021-12-16T00:00:00Z
Red Hat OpenShift Container Platform 4.8
openshift4/ose-metering-hive:v4.8.0-202112132154.p0.g57dd03a.assembly.stream	cpe:/a:redhat:openshift:4.8::el8	RHSA-2021:5108	2021-12-14T00:00:00Z
openshift4/ose-metering-presto:v4.8.0-202112150431.p0.g4b934ae.assembly.art3599	cpe:/a:redhat:openshift:4.8::el8	RHSA-2021:5148	2021-12-15T00:00:00Z
RHPAM 7.11.1
	cpe:/a:redhat:jboss_enterprise_bpms_platform:7.11	RHSA-2022:0082	2022-01-11T00:00:00Z
RHPAM 7.12.0
log4j-core	cpe:/a:redhat:jboss_enterprise_bpms_platform:7.12	RHSA-2022:0296	2022-01-26T00:00:00Z
Vert.x 4.1.5 SP1
log4j-core	cpe:/a:redhat:openshift_application_runtimes:1.0	RHSA-2021:5093	2021-12-14T00:00:00Z

References

Link	Providers
http://packetstormsecurity.com/files/165225/Apache-Log4j2-2.14.1-Remote-Code-Execution.html
http://packetstormsecurity.com/files/165260/VMware-Security-Advisory-2021-0028.html
http://packetstormsecurity.com/files/165261/Apache-Log4j2-2.14.1-Information-Disclosure.html
http://packetstormsecurity.com/files/165270/Apache-Log4j2-2.14.1-Remote-Code-Execution.html
http://packetstormsecurity.com/files/165281/Log4j2-Log4Shell-Regexes.html
http://packetstormsecurity.com/files/165282/Log4j-Payload-Generator.html
http://packetstormsecurity.com/files/165306/L4sh-Log4j-Remote-Code-Execution.html
http://packetstormsecurity.com/files/165307/Log4j-Remote-Code-Execution-Word-Bypassing.html
http://packetstormsecurity.com/files/165311/log4j-scan-Extensive-Scanner.html
http://packetstormsecurity.com/files/165371/VMware-Security-Advisory-2021-0028.4.html
http://packetstormsecurity.com/files/165532/Log4Shell-HTTP-Header-Injection.html
http://packetstormsecurity.com/files/165642/VMware-vCenter-Server-Unauthenticated-Log4Shell-JNDI-Injection-Remote-Code-Execution.html
http://packetstormsecurity.com/files/165673/UniFi-Network-Application-Unauthenticated-Log4Shell-Remote-Code-Execution.html
http://packetstormsecurity.com/files/167794/Open-Xchange-App-Suite-7.10.x-Cross-Site-Scripting-Command-Injection.html
http://packetstormsecurity.com/files/167917/MobileIron-Log4Shell-Remote-Command-Execution.html
http://packetstormsecurity.com/files/171626/AD-Manager-Plus-7122-Remote-Code-Execution.html
http://seclists.org/fulldisclosure/2022/Dec/2
http://seclists.org/fulldisclosure/2022/Jul/11
http://seclists.org/fulldisclosure/2022/Mar/23
http://www.openwall.com/lists/oss-security/2021/12/10/1
http://www.openwall.com/lists/oss-security/2021/12/10/2
http://www.openwall.com/lists/oss-security/2021/12/10/3
http://www.openwall.com/lists/oss-security/2021/12/13/1
http://www.openwall.com/lists/oss-security/2021/12/13/2
http://www.openwall.com/lists/oss-security/2021/12/14/4
http://www.openwall.com/lists/oss-security/2021/12/15/3
https://cert-portal.siemens.com/productcert/pdf/ssa-397453.pdf
https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf
https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf
https://cert-portal.siemens.com/productcert/pdf/ssa-714170.pdf
https://github.com/advisories/GHSA-jfh8-c2jp-5v3q
https://github.com/cisagov/log4j-affected-db
https://github.com/cisagov/log4j-affected-db/blob/develop/SOFTWARE-LIST.md
https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-44228
https://lists.debian.org/debian-lts-announce/2021/12/msg00007.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M5CSVUNV4HWZZXGOKNSK6L7RPM7BOKIB/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VU57UJDCFIASIO35GC55JMKSRXJMCDFM/
https://logging.apache.org/log4j/2.x/security.html
https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/
https://nvd.nist.gov/vuln/detail/CVE-2021-44228
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032
https://security.netapp.com/advisory/ntap-20211210-0007/
https://support.apple.com/kb/HT213189
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd
https://twitter.com/kurtseifried/status/1469345530182455296
https://www.bentley.com/en/common-vulnerability-exposure/be-2022-0001
https://www.cisa.gov/known-exploited-vulnerabilities-catalog
https://www.cve.org/CVERecord?id=CVE-2021-44228
https://www.debian.org/security/2021/dsa-5020
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html
https://www.kb.cert.org/vuls/id/930724
https://www.lunasec.io/docs/blog/log4j-zero-day/
https://www.nu11secur1ty.com/2021/12/cve-2021-44228.html
https://www.oracle.com/security-alerts/alert-cve-2021-44228.html
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.oracle.com/security-alerts/cpujan2022.html

History

Thu, 03 Apr 2025 21:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Intel datacenter Manager Netapp brocade San Navigator Netapp solidfire \& Hci Storage Node Netapp solidfire Enterprise Sds Siemens 6bk1602-0aa12-0tp0 Siemens 6bk1602-0aa12-0tp0 Firmware Siemens 6bk1602-0aa22-0tp0 Siemens 6bk1602-0aa22-0tp0 Firmware Siemens 6bk1602-0aa32-0tp0 Siemens 6bk1602-0aa32-0tp0 Firmware Siemens 6bk1602-0aa42-0tp0 Siemens 6bk1602-0aa42-0tp0 Firmware Siemens 6bk1602-0aa52-0tp0 Siemens 6bk1602-0aa52-0tp0 Firmware Siemens capital
CPEs	cpe:2.3:a:intel:audio_development_kit:-:::::::* cpe:2.3:a:intel:data_center_manager:::::::: cpe:2.3:a:intel:sensor_solution_firmware_development_kit:-:::::::* cpe:2.3:a:intel:system_debugger:-:::::::* cpe:2.3:a:siemens:captial:::::::: cpe:2.3:a:siemens:captial:2019.1:-:::::: cpe:2.3:a:siemens:captial:2019.1:sp1912:::::: cpe:2.3:a:siemens:energyip_prepay:3.7:::::::* cpe:2.3:a:siemens:energyip_prepay:3.8:::::::* cpe:2.3:a:siemens:siguard_dsa:4.2:::::::* cpe:2.3:a:siemens:siguard_dsa:4.3:::::::* cpe:2.3:a:siemens:siguard_dsa:4.4:::::::*	cpe:2.3:a:intel:datacenter_manager:::::::: cpe:2.3:a:netapp:brocade_san_navigator:-:::::::* cpe:2.3:a:netapp:solidfire_\&_hci_storage_node:-:::::::* cpe:2.3:a:netapp:solidfire_enterprise_sds:-:::::::* cpe:2.3:a:siemens:capital:::::::: cpe:2.3:a:siemens:capital:2019.1:-:::::: cpe:2.3:a:siemens:capital:2019.1:sp1912:::::: cpe:2.3:a:siemens:desigo_cc_advanced_reports:3.0:::::::* cpe:2.3:a:siemens:energyip_prepay:::::::: cpe:2.3:a:siemens:siguard_dsa:::::::: cpe:2.3:a:siemens:vesys:2020.1:-:::::: cpe:2.3:a:siemens:vesys:2021.1:-:::::: cpe:2.3:h:siemens:6bk1602-0aa12-0tp0:-:::::::* cpe:2.3:h:siemens:6bk1602-0aa22-0tp0:-:::::::* cpe:2.3:h:siemens:6bk1602-0aa32-0tp0:-:::::::* cpe:2.3:h:siemens:6bk1602-0aa42-0tp0:-:::::::* cpe:2.3:h:siemens:6bk1602-0aa52-0tp0:-:::::::* cpe:2.3:o:siemens:6bk1602-0aa12-0tp0_firmware:::::::: cpe:2.3:o:siemens:6bk1602-0aa22-0tp0_firmware:::::::: cpe:2.3:o:siemens:6bk1602-0aa32-0tp0_firmware:::::::: cpe:2.3:o:siemens:6bk1602-0aa42-0tp0_firmware:::::::: cpe:2.3:o:siemens:6bk1602-0aa52-0tp0_firmware::::::::
Vendors & Products	Intel audio Development Kit Intel data Center Manager Intel sensor Solution Firmware Development Kit Intel system Debugger Siemens captial	Intel datacenter Manager Netapp brocade San Navigator Netapp solidfire \& Hci Storage Node Netapp solidfire Enterprise Sds Siemens 6bk1602-0aa12-0tp0 Siemens 6bk1602-0aa12-0tp0 Firmware Siemens 6bk1602-0aa22-0tp0 Siemens 6bk1602-0aa22-0tp0 Firmware Siemens 6bk1602-0aa32-0tp0 Siemens 6bk1602-0aa32-0tp0 Firmware Siemens 6bk1602-0aa42-0tp0 Siemens 6bk1602-0aa42-0tp0 Firmware Siemens 6bk1602-0aa52-0tp0 Siemens 6bk1602-0aa52-0tp0 Firmware Siemens capital

Tue, 25 Feb 2025 02:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat jboss Enterprise Application Platform Eus
CPEs		cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7 cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7
Vendors & Products		Redhat jboss Enterprise Application Platform Eus

Tue, 04 Feb 2025 15:15:00 +0000

Type	Values Removed	Values Added
Metrics		kev `{'dateAdded': '2021-12-10'}` ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'active', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Wed, 14 Aug 2024 00:45:00 +0000

Type	Values Removed	Values Added
References		https://www.cisa.gov/known-exploited-vulnerabilities-catalog

MITRE

Status: PUBLISHED

Assigner: apache

Published: 2021-12-10T00:00:00.000Z

Updated: 2025-02-04T14:25:37.215Z

Reserved: 2021-11-26T00:00:00.000Z

Link: CVE-2021-44228

Vulnrichment

Updated: 2024-08-04T04:17:24.696Z

NVD

Status : Analyzed

Published: 2021-12-10T10:15:09.143

Modified: 2025-04-03T20:53:22.977

Link: CVE-2021-44228

Redhat

Severity : Critical

Publid Date: 2021-12-10T02:01:00Z

Links: CVE-2021-44228 - Bugzilla

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Exploitation active

Automatable yes

Technical Impact total

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object